Purchasing aid logistics appliance

ABSTRACT

A purchasing aid logistics appliance that assists a purchaser with a shopping list generation, in-store product location, automated checkout, and financial management. The PAL is in the form of a battery operated PAL with touch screen display and multimedia input/output. The PAL functions as a fiduciary aid and two-way communications device secure for managing money and processing perishable data. The PAL can function as a stand-alone device or synchronized with a user&#39;s personal computer via a RF or IR link.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.10/037,382 filed Jan. 4, 2002 and entitled “PURCHASING AID LOGISTICSAPPLIANCE,” which is hereby incorporated by reference herein in itsentirety.

BACKGROUND OF THE INVENTION

This invention relates generally to electronic commerce, and, moreparticularly, to the processing, modifying, analyzing, and storing ofpurchaser data to support functions that are valuable to productidentification selection, and purchase for the customer, the merchant,and the supply chain.

The retail industry's drive for efficiency is on going. Purchasers favormerchants with lowest prices. Merchants compete to provide lowestprices. In this competition unit stores are growing ever-larger floorand shelf space and carrying more stock. Managing very large stock,floor and shelf spaces is becoming difficult. Purchasers need assistanceto manage the volume and frequency of product and sales information;navigate in large retail spaces to find specific products; provideelectronic payment for product purchases.

Merchants, suppliers and purchasers (customers) are beginning to worktogether. Merchants and suppliers now provide information through theInternet so purchasers can shop from home. Merchants and suppliers areproviding barcode coupons through the Internet. Purchasers are beginningto use portable barcode scanner devices supplied by merchants to selectand process products in the retail space. Merchants have deployed kiosksin the retail space with electronic displays and keyboards to displayinformation about products to purchasers. Paper catalogs now appear withbareodes that direct a web browser to a product information page on theInternet. Electronic devices are now available to help a purchasermanage money and automate the payment function of the checkout process,

Financial transactions require encryption to keep sensitive data secure.Communications encryption is accomplished today using the Public KeyInfrastructure or PKI. This method is safe and secure as long as the keyis safe and secure. If someone steals a laptop computer, the key isstored in the computer and it is compromised. In the prior art, thepublic key is offloaded from the laptop computer to a smartcard. Thesmart card must be inserted to make a secure connection. However thememory of the laptop computer is still unprotected leaving stored datasusceptible to theft.

Examples of systems in place today to accommodate purchasers aredescribed in U.S. Pat. No. 5,873,045 to Peter Lee et al that describes amobile client system using a cellphone interconnected with a mobilecomputing device; and U.S. Pat. No. 5,956,693 that describes merchantcommunication to customers. Both of these devices place mobile computerpower in the hands of the purchaser. These devices advance purchaser orcustomer automation by providing, access to product data in the retailspace. But neither is designed to be ubiquitously integrated into amerchants retail automation system. Both of these devices areinsufficient to support all the functions needed by the merchant,supplier and purchaser (customer).

For a better understanding of the present invention, reference is madeto the accompanying drawings and detailed description and its scope willbe pointed out in the appended claims.

SUMMARY OF THE INVENTION

The present invention is a purchasing aid logistics appliance (PAL) isstand alone device that communicates with a merchant computer providingcommunication between a PAL and the merchant in-store computer.Sensitive personal finance, product, price and availability informationcan be exchanged between the PAL and the merchant computer in a securetimely manner to specific identifiable purchasers and to the generalpublic. The PAL will assist the purchaser in product selection andlocation; merchant selection and management; automated checkout; andmanaging financial data. In addition, the PAL interfaces with amerchants in-store system to communicate to the purchaser in the retailspace. The PAL communicates using both data and voice using anunrestricted part of the spectrum. The PAL interfaces with a networkoutside the retail space to gather product information in preparationfor future visits to the merchant store. Further, the PAL interactssecurely in the retail space with the merchants automation system toassist the purchaser with product selection, location and checkout.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of the PAL computer hardware architecture ofthis invention;

FIG. 2 is a pictorial representation of an example of a high-densitybarcode of this invention;

FIG. 3 is a block diagram of the printed media decode process of thisinvention;

FIG. 4 is a tabular representation of the HTML decode table illustratedin FIG. 3;

FIG. 5 is a tabular representation of an example of a vertical barcodenumerical code pattern for a high-density barcode used with thisinvention,

FIG. 6 is a schematic representation of the results of the barcodedecoding process in accordance with the present invention:

FIG. 7 is a flow chart of the information exchange links of the presentinvention illustrated in FIG. 1;

FIG. 8 is a flow chart of a memory map of the present invention;

FIG. 9 is a flow chart of a three way verification process of the securememory of the present invention;

FIG. 10 is a flow chart of the key generation technique of the securememory of the present invention;

FIG. 11 is a flow chart of the address encrypted RAM of the securememory of the present invention:

FIG. 11A is a pictorial representation of the antenna system of thepresent invention;

FIG. 12 is a schematic representation of the PAL communication linkswith the merchant computer within four (4) areas of the merchantfacility;

FIGS. 13A and 13B are plots of the ingress and egress barker beacon fullduplex channels transmitted by the Main Doorway Area of the merchantcomputer illustrated in FIG. 12;

FIG. 14 is a process flow diagram of the PAL and checkout communicationsystem of this invention;

FIG. 15 is a pictorial schematic representation of the power supply ofthe present invention; and

FIG. 16 is a pictorial schematic representation of the weight-measuringdevice of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The preferred embodiment of the present invention is represented by apurchasing aid logistics (PAL) appliance 10. The PAL 10 utilizesconventional components in the hardware architecture as shown in FIG. 1.These components described below are not to be considered as alimitation on the present invention and can be substituted for by otherequivalent components.

A central processor 11 with main memory 12 connected to a main systemaddress/data bus 13 links all the components of the hardwarearchitecture. A secure trusted monitor program stored in the main memory12 and executable by the central processor 11 controls all functions. ABoot Program 14 brings up the PAL 10 from a cold or warm start and runstest executables. The monitor program is stored in Flash Memory andSystem Software 16 where it can be updated as needed. Key sessionparameters have been stored from a previous use. Secure data such asencryption keys, financial data owner name and pertinent data are storedin an encryption circuitry equipped random access memory 18. There is amicro video display controller 20 for a micro video display 22.Conventional voice analog circuitry 26 with speaker and microphone isutilized for voice digital conversion input/output 24. The monitorprogram stores specific voice samples for necessary biometric voicerecognition. Additionally, the PAL 10 includes a barcode or opticalreader subsystem 44 and optical scan assembly 46, magnetic stripe reader34 utilizing a hardware interface 32 to the system bus 13, smart cardreader 38 utilizing a hardware interface 36, remote ear piece 28,high-resolution touch screen display 50 with touch screen interfacecontroller 48, weight-measuring device 58 connected to the bus 13 by ananalog-to-digital converter 56, a radio link controller 40 and radiosubsystem 42 for high-speed secure short-range communication.Additionally, the PAL 10 includes a front panel 54 that includes keys,switches and indicators coupled to the bus 13 by a panel interface 52.As stated above, this listing of features is for illustrative purposesand not to limit the invention. Other features not listed are within thecontemplation of the invention.

The PAL 10 can execute several program modules stored on the centralprocessor 11, such as accounting, calendar, clock, shopping list, andcommunication. The accounting software keeps track of accounts such ascredit cards, loans, checking and savings. It has a real time clock andcalendar to measure the passage of time and records financialtransaction logs in parallel with banks and other financialorganizations. The data is secure in the PAL 10 by means of a securecard reader and biometrics. The PAL 10 is also capable of interactingwith a user through voice recognition and fingerprint identification toprovide a strong level of security (not shown).

The PAL 10 is designed to facilitate procurement planning. This planningwill most likely take place as the purchaser or customer uses the PAL 10to create lists of items to procure. For example, a merchant grocerdistributes a flyer to each household in a district. To create a listthe purchaser (customer) first scans in the merchant's specific opticalcode, which contains information pertinent to the merchant, includingbut not limited to sale terms and conditions. For each product listed, aprinted barcode or similar code is produced that can be scanned into thePAL 10. To add a specific product to the list, the purchaser Scans theproduct specific optical code. The code contains a product description,unit and price. The printed media advertisement will have a masterbarcode or similar control code identifying the merchant, date and saleterms. The purchaser scans in the master control code for each item tobe procured. Items can be added or removed using the keypad functions.In addition, items can be added from memory based upon previouspurchases as well as on-line from the merchant's web site. If thepurchaser is Internet enabled, an RF device (not shown) attached to thepersonal computer will activate the RF link via the optical scanassembly 46, acting as an Internet port, and enable up loads and downloads to the PAL 10. The merchant will receive advance information onproduct selections. If the purchaser is not Internet enabled or choosesnot to use the Internet, then the merchant receives this information oncustomer ingress into the merchant store.

By scanning a high-density barcode 60, as shown in FIG. 2, the PAL 10provides a screen of information relevant to the product scanned, inparticular similar data as received from a web site, The PAL 10 hasexecutable software to create a browser frame where a high-densitybarcode 60 is scanned that contains programming and information aboutthe product, and sales terms and conditions. The high-density barcode 60makes use of printed media codes to extract information and present itto a user on the screen of the PAL 10. The high-density barcode 60 alsoextracts rules concerning the terms of the advertisement and presentsthe rules to the purchaser and alters the behavior of the PAL 10 whilein a merchant's facility. The display information is encoded in themedia in two parts. One part is the visual formatting instructions tothe PAL 10 and the other is the information to be presented.

Printed media pattern codes such as bareodes can be one or moredimensional ink on paper print patterns that can be decoded by anoptical scan assembly 46 into a number. There are many types of scancodes in existence. For example the Data Matrix code is a bi-dimensionalcode that can represent a maximum of 2000 ASCII characters. Another suchcode, PDF417, is another bi-dimensional code. In this code each line iscomposed of a variable number of columns that encode data. This code isbracketed by a Start character and Stop character. The maincharacteristics are a minimum and maximum number of columns and rows.Another code is Code 11. It is named for the fact it contains 11possible code patterns. Still another is Code 39, an alphanumeric barcode that can encode decimal numbers, the upper case alphabet, and someextra symbols. There are many existing codes that could be used with thepresent invention. However, codes printed on low quality paper would notbe able to support the dense ink patterns that many of these codesrequire.

As shown in FIG. 2, a high-density barcode 60 increases the amount ofdata that can be transmitted using poor quality paper, as found in anewspaper. The high-density barcode is a sequence of horizontal barcodesstacked into an arrangement that can be scanned in by a simple verticalsweeping motion of the hand. The scan will require limited uniformvertical motion, well within the capability of the wrist, elbow andshoulder. High-speed electronic processing is used to average out motionerrors.

An encode process, as shown in FIG. 3, shows how a vertical barcode orsimilar code can encode a WEB page display and/or behavior modifyingrules. The encode process uses codes and checksums for data reliability.Returning to FIG. 2, the user will point a laser scan line 66 generatedby the optical scan assembly 46 at the top barcode 202 and drag thelaser scan line 66 to the bottom barcode 203. When successful thepurchasing aid logistic appliance 10 will beep one short high-pitchednote. If not successful the purchasing aid logistic appliance 10 willbeep one long low sounding beep. Checksums in the code will indicate asuccessful scan. Also, other types of signals representative ofinformation can also be printed by the PAL 10.

Returning to FIG. 3, the high-density barcode 60, which is designed toencode information required by the PAL 10 is scanned by a scanner 102A,designed to extract the amount of information required to represent aWEB page. A decoder 103 decodes the scan using rules concerning hownumbers are coded to represent information. These rules are coded intotables represented by numerals 105,106A,107 and 111. These tablesinteract with the decoder 103 to provide parsing information to a parser104A. The parser 104A creates the software that will build the display.The parser 104A can also identify rules and construct a BehaviorModifying Rules Table. The rules decode table 111 is a table thatgoverns the rules of communications and commerce by the PAL 10.Specifically, the rules decode table 111 includes information specificto a unique merchant. When the PAL 10 is presented to the uniquemerchant, the rules decode table 111 will identify the merchant andterms and conditions of a sale. Information in the PAL 10 about othermerchants will not be shared. The browser receives HTML or similarsoftware from the parser 104A and creates a display 109.

The vertical barcode format, for example, does not contain a specificlanguage, for example, Java or HTML. Rather the vertical barcode willrepresent a sequence of numerical codes. Then from that, each suitablelanguage will have a table from which a list of codes will generate afinite number of web page variations. The high-density barcode 60identifies the table and represents codes indexed specifically for eachlanguage. The high-density barcode 60 uses the parser 104A to constructthe frame software needed by a display browser 108A. This is a multistep process designed to make, for example, the vertical barcode formator a similar code independent of any browser language.

The high-density barcode 60 can represent an imbedded browser frame.There are many types of scan codes in existence. They vary by the sizeand type of code represented by the light and dark patterns of ink andpaper. In the present art, a spot laser beam is swept into a linepattern by a reflecting device oscillating at a known rate. The opticalreceive path can be the exact same path. The laser spot man lookcontinuous but is, in fact switched on and off at high speed to conservepower and for other reasons. The optical receive is gated to the ratethe laser is turned on and off. The resulting optical detection patternis processed to average and smoothes out any noise spikes. There will beseveral samples for each light and dark return. The dark returns willvary by the width of the ink line. A time base is established by thepreamble to the barcode helping to determine the frequency of the phaselock loop for the remainder of the barcode. This process is similar to amodem training sequence.

Returning to FIG. 2, the layout of the high-density barcode 60 is shovein a vertical code format. The purpose of the vertical code format is todemonstrate how to build a barcode that contains sufficient informationto build a WEB page or rules table. As more data is required, more codesare stacked until the practicable limit is reached. A first code line202 shows where the first scan is started from and a last code line 203shows the point to where the scan is dragged. The first code line 201shows a timing space between stacked codes for the purpose of resettingthe scan to pull in the next level. This is only an example to show howbandwidth dense codes could be built on poor quality paper.

FIG. 4 is a partial example of how to build a HTML decode table 105 ofnumerical codes indexed to coding statements. Some coding statementswill require additional fields to fully populate the statement. Thepurpose of HTML decode table 105 is to reduce the need for informationbandwidth by using numerical codes to represent entire statements. Thusby calling out codes and populating them with field data a fullstatement can be built conserving barcode bandwidth. FIG. 6 illustratesa minimum number of statements in the HTML decode table 105 to build aweb page displaying, for example, “HELLO WORLD.”

The parser 103, shown in FIG. 3, can build a fully functional HTMLprogram by placing numerical codes 401, for example, in a sequencecreating a coding pattern table as illustrated in FIG. 5.

The high-density barcode 60 or any similar print code contains anumerical table index code with data. The codes are cross-referenced totables 105, 106A, 107, 111, as shown in FIG. 3. The index points to asoftware instruction contained in the HTML decode table 105, whichcontains a series of code values 401, as illustrated in FIG. 5. Thesevalues contain significance to the parser 104A. The HTML decode table105 instructs the parser 104A how to interpret the value. For example,code 11 indicates the start of table data. The next value is one ofeight possibilities corresponding to tables 105, 106A, 107, 111.

FIG. 6 is al example of the parsing process where the barcode 503represents the numerical sequence 501. Embedded in numerical sequence501 is code 11 12 05 which tells the parser 104A to select the HTMLdecode table 105 to interpret the remainder of the data and there are 5code statements. Code 60 is a fictitious checksum value shown forexample only. It will repeat at the barcode end. Code 22 indicates thestart of table indices. Code 00 is the first entry in the HTML decodetable 105. This first entry has no required fields. Index 04 is thefirst code statement to require a field. Code 31 tells the parser 104Athe next value is the number of characters in the first field. If therewere a second field, code 31 would appear again after the 11^(th)character code with a numerical representing the size of the next field.This process would continue until all fields were fully presented.Continuing with the example, 11 characters follow. They are coded in therange 31-56 which tells the parser how they to are be interpreted astext characters. Finally code 21 appears again followed by 60. If theparser were able to calculate the same checksum, a short high pitch beepwould indicate a successful scan and the resultant 502 would be put upon the display. Numerical codes are used to represent coding statementsfrom any descriptive language that can build a display by way of browserinstructions. The vertical barcode format does not require a specificlanguage for example WAP, JAVA or HTML. Rather the frame software willbe built from numeric codes. For example the HTML statement: <p><tablebgcolor=“#000000” border=0 cellpadding=5 cellspacing=1 wIDth=468> couldbe designated by the numeric code 43. The high-density barcode 60 isbased on the premise that a web page can be constructed from a closedlist of software statements. By way of the present example, ninety-ninestatements could be developed and referenced by a two digit decimalcode. By way of example, any practical number could be used for example199. Data fields follow other codes as shown in FIG. 3. The parser 104Acan build the code statement and populate it with field data extractedfrom the printed code. At the conclusion of this process HTML or similarsoftware is generated for a browser to generate a frame display.

By way of example, the vertical barcode format can contain informationabout a merchant and sale terms and conditions. This information isdisplayed and may be entered into the rules table 112A.

As shown in FIG. 7, the PAL 10 interfaces with print media 62, theInternet 64, and merchant's computer 66. Product data is downloaded tothe PAL 10, where the purchaser makes decisions and creates merchantspecific product lists prior to going to the store. In the planningstage of a purchase, for example, a purchaser may wish to know whichproducts do not contain an ingredient. For example, the purchaser mayrequire breads that do not contain sodium The purchaser can access themerchant computer 66 through a personal computer 68 via the Internet 64,as illustrated in FIG. 7, and request a listing of products matching therequest sorted by preferred merchants. The purchaser then will select aproduct for purchase and estimate a purchase date. The list for amerchant is managed by several factors including date when the date, forexample, is a factor in terms and conditions. Price and availability mayalso, for example, manage individual items. Upon completion of theproduct list or shopping list, the PAL 10 can store the list until entryinto the merchant facility or the PAL 10 can upload the list to themerchant's computer via an Internet portal for storage. The merchant mayreview the list and check inventory to assure the products are in stock.

The purchaser creates a list of items to procure and assigns a paymentmethod to the list. The PAL 10 will manage the budget for the list andall lists. Since financial data is sensitive, the PAL 10 may utilize asecurity system in a layers concept to safeguard use. Layers representvarious facets of the device from trusted monitor to smart cards toencrypted memory. Access to sensitive data begins with smart cardtechnology and works through succeeding layers. The smart cardtechnology would be employed for store critical secure data. The PAL 10can read the magnetic stripe on credit or debit cards and down load thisdata into a secure memory where it can be retrieved and sent to thesales register at purchase time.

The secure memory of the present inventions illustrated in FIG. 8, isincluded in a memory map 70, the most basic element of any computingdevice. The memory map 70 is organized into regions where specific tasksare performed. The regions are the physical address locations of a blockof memory units 72. A memory unit 72 may be any number of bits but isusually a multiple of eight forming an eight-bit byte, sixteen-bit word,or thirty-two-bit double word. A single address location consists ofseveral binary circuits, which must be decoded before the location canhe opened for reading or writing. The central processor 11, illustratedin FIG. 1, sends out address signals on the address bus, which isprocessed by a memory address decoder. The decoder then selects whichphysical unit of memory is accessed. As shown in FIG. 8, an elementarymemory map 70 in which the top of the map, RAM 10A, represents am areawhere a program and data are stored, with logical methods of datatransfer to the RAM 10A, RAM input 13 and RAM output 12A. Programsstored on permanent storage devices are accessed by software in the readonly memory basic input/output operating system and put into RAM 10A.

The specific memory used to hold the video image to be displayed isrepresented by video memory 15. The difference between RAM 10A and videomemory 15 is the address range, which is coded a read only memory basicinput/output operating system (ROM BIOS) 25. When a program executing inRAM 10A has data to write to the display, it calls the video out routinein ROM BIOS 25 and sends it data by was of the circuitry 17. This datais then displayed by the video generating circuitry connected to thismemory (not shown) which is a well-understood process.

A similar method is used to set encrypted RAM 20. Encrypted RAM 20 hasthe same general properties of RAM 10A in that memory can be read fromand written to. It has two modes of operation; the first is secure andsecond is disabled. By way of read circuitry 23 and write circuitry 22Aencrypted RAM 20A functions as ordinary memory when set to secure mode.When encrypted RAM 20A is set disabled the data retrieved by way of readcircuitry 23 is not logical and therefore useless. Write circuitry 22Adoes not function in a logical manner when disabled. The order of datais sometimes referred to in the literature as beg Endian or littleEndian. This is a reference to which byte of a multi-byte retrievalcontains the most significant bit and which contains the leastsignificant bit. Without knowing which causes the data to be improperlyinterpreted.

FIG. 9 illustrates the use of encrypted RAM 20A in the present inventionin a three way verification process. In step 1 a smart card is insertedinto the PAL 10 and the pin 30 is accessed. The user is prompted toenter a personal identification number (PIN) 31. The user's PIN number31 is verified 32S with the PIN 30 stored in the smart card. In step 2 asecure data hash 33 is compared to a hash 34A stored in smart card orany convenient location. If the comparison 35 is valid then the processcontinues to step 3, a verification 36S of a bond created in a previoussession. From a previous session, a hash of the secure data in encryptedRAM was created and stored in two places. One place is the smart cardand other is on the PAL 10. If both step 1 and step 2 are valid then thedecision branch at step 4 is yes and encrypted RAM is unlocked 38S andmade available. The user then performs one or more transactions, whichmay or may not change the data in encrypted RAM. Then a hash-creatingalgorithm located in ROM BIOS 25, see FIG. 8, runs and creates a newhash for the next session stored on the smart card data hash 34A and onthe PAL 10 For the next session. If steps 1 & 2 are not valid, then thedata in encrypted RAM is destroyed.

FIG. 10 shows an alternative method of how encrypted RAM could be usedin the PAL 10. First, two independent variables are generated 40S: thefirst variable 41 and the second variable 42. The first variable 41 andsecond variable 42A combine in a process to generate a cipher key 43that fits into a special address decoder 44A. Ordinary RAM is attachedto the special address decoder 44. Together the special address decoder44A and RAM 45 create encrypted RAM 46A.

Alternative applications of encrypted RAM could also have significancein non-mobile computers. For example a desktop computer can useencrypted RAM to securely store sensitive E-mail or other data. Manyusers leave the desktop computer on continuously. The common practice isto lock the keyboard and display with a password. If a thief can steal apassword then entry could be made on a desktop. Encrypted RAM could thenprotect sensitive information. Now that several examples have shown howencrypted RAM could be used, following is a detailed explanation of howa special cipher locked address decoder could be made.

FIG. 11 is an alternative embodiment of encrypted RAM. A signal 49starts and stops the encryption process. A portion of the RAM map 70, asshown in FIG. 8, is set aside for secure memory. A special addressdecoder 55 and an address tracker 56A generate the memory select linesusing one of several possible mathematical formulae. This formularequires a random number be generated at the first time secure data iscreated then stored in address decoder 55. The random number encode orcipher key 52A is added to the address to create an offset address fromthe correct location. The contents of a memory location are notencrypted but its address is intentionally misaligned by a random numberincorporated into the address decoder. This random number is usedwhenever this secure address range is accessed in secure mode. Note thatthis technique applies to static RAM, Dynamic Ram and Flash RAM where anaddress decoder is required to generate select lines. For the purpose ofthis example shown in FIG. 11, a RAM segment 54A is address encrypted.To keep the following example simple the memory RAM segment 54A will belimited to 1024 bytes (hex B000-B3FF) of memory but any size is possibleand larger is better.

When the smart card is inserted into the PAL 10, the address decoder 55reads and writes data in secure mode as normally directed by the centralprocessor 11. In FIG. 11, a random number is generated by random numbergeneration circuitry 51, hexadecimal F is used though any number isacceptable. The processor 11 now issues a write-to-memory command bycalling for base address B000 50. The address decoder 55 receives B00050 on the active address data bus from the central processor 11 Theaddress decoder 55 also receives random number encode key hexadecimal Ffrom the random number circuitry item 51. The address decoder 55 thencomputes memory select lines 53 as if the address were B00F. The centralprocessor 11 writes a 4-byte variable so that 4 successive RAM 8 bit perbyte locations are required. The next byte value from memory will beB001 bus address signals 50A but is instead computed as select lines forB010 (B001+F) by address decoder 55. The central processor 11 thinks itis writing B000 through B003 four successive locations for this onevariable. The four bytes are now stored in B00F B010, B0011, B0012. Whenthe smart card is removed, the address decoder 55 now gets a signal notto use the random number encode key 52A generated by random numbergeneration circuitry 51. Now the central processor 11 attempts to readwhat has been written and issues 4 read commands by memory bus addresssignals 50A beginning with location B000 through B003. The addressdecoder 55 functions normally but the data retrieved from these fourlocations B000-B003 is not coherent and therefore unintelligible, Nextthe smart card is again inserted using the previous example illustratedin FIG. 9 so that the address decoder 55 is now set to secure mode. Theaddress decoder 55 now gets a signal to use the random number encodekey. The four address locations B000-B003 are changed to B00F, B010,B0011, B0012 the exact same locations written to previously. The data iscorrectly retrieved. This example shows how data can be safely encryptedby intentionally misaligning the address. There is no record of theencode key stored in the RAM 10A as shown in FIG. 9, the RAM 10A whereprogram and data are kept. Therefore the key cannot be retrieved by anymethod. Alternative embodiments include using −F instead of F as theencryption key, and binary compliment arithmetic could be used in placeof simple addition. There are several valid methods other than strictinterpretation of the above example capable of achieving the samepurpose.

Returning to FIG. 11, the central processor 11 keeps track of where datais stored using well-understood programming techniques. Using encryptedRAM, the central processor 11 cannot accurately track where data isphysically stored. It depends on the address decoder 55 to correctlyinterpret the hexadecimal address. When the central processor 11 selectsan address close to the end of encrypted RAM boundary, the addressdecoder 55 may set select lines 53 to go past the last boundary address.In the previous example that address is B3FF. The address select lines53 will trap any address computed to be past the boundary. In theprevious example if the central processor 11 set the address lines toB3F1 and the address decoder 55 was set to secure mode then the addressdecoder 55 would set the select lines for an address of B400 (B3F1+F),where the upper boundary is B3FF. The address tracker 56A senses thecondition and sends a signal 58, ranging between 0 and E, generated bythe address tracker 56A to the address decoder 55. This signal causesthe address decoder 55 to reset the select lines 53 as if base addressB000 were being decoded. The decode key 57 is generated by an encodecipher key 52A for use by the address tracker 56A. The decode key 57 isused to compute the value of the signal 58A. No address is used twiceand no valid memory contents are overwritten and the central processor11 cannot determine the equivalent address used.

The encode cipher key 52A can be changed from time to time to maintainan element of randomness. The random encode cipher key 52A may begenerated once per active session. An active session is defined as acontinuous RAM 54A power cycle. As long as the RAM 54A is active theencode cipher key 52A is not lost. If power to the RAM 54A is lost, thenthe encode cipher key 52A is likewise lost and data lost with it aswell. There are other possibilities for setting rules regarding thegeneration of an encode cipher key 52A. For example a key 52A could hegenerated once per secure session and erased when the secure session isended. In this case the data will be lost unless steps are taken tooffload the encrypted RAM data to an alternate location. If the datawere offloaded onto temporary storage then the encode key could bechanged periodically and the secure data reloaded back to encrypted RAM.This would be better for security if the encode key were periodicallychanged. This technique makes it highly unlikely an external spoof canbe used to strobe and read out secure memory.

Once the data is input into the PAL 10, the PAL 10 acts as a decisionaid or purchasers by providing a variety of functions. These functionsinclude, but not limited to, such factors as price, product location,shopping list, and stock status. It also acts as a purchase facilitator,capturing product data as the purchaser shops in the store. Furthermore,PAL 10 stores all purchase information including product data andpurchase history. This PAL 10 can manage money from the purchaseplanning stage to the product selection stage to the checkout counter.Afterwards it can provide historical data for record keeping andhistorical analysis.

A radio subsystem 42 (FIG. 1) utilizes two conventional types ofantennae, as illustrated in FIG. 11 a, simultaneously. These twoantennas, one a forward directional antenna 41 a and the other an omnidirectional antenna 43 a are used by the protocol to affect the RF link.The forward directional antenna 41 a includes conventional components,such as, a signal absorbing material 41 b, reflecting cone shapeddirector 41 c, and a directional element 41 d. The omni directionalantenna 43 a includes conventional dual back-to-back hemisphericalcoverage antennas 43 b. By managing the power, a link can be createdwithin the confines of an aisle shelf area (to be discussed below). Theomni directional antenna is used to communicate with the PAL 10 when itis not within the confines of the aisle shelf area. Both antennas areoperated from their respective antenna controllers 41 c, 43 c andconnected to the processor 11 through the radio link controller 40. Theadvantages of two antennas are diversity and multi channel link controlliving the merchant computer the ability to manage large numbers ofsimultaneous users.

As illustrated in FIG. 7, the facility communication areas 67 effectuatecommunication between the merchant computer and the PAL 10 in themerchant facility. The merchant facility is equipped with one or morefacility communication areas 67. The preferred embodiment communicatesfour (4) ways in the merchant's facility as illustrated in FIG. 12.Communication limitations are a function of facility planning notcapability of the PAL 10. The first method incorporates quicklyuploading and downloading data while traversing a main doorway area 150.The second method involves an omni directional general-purpose systemfor infrequent digital voice and short data bursts for use anywherewithin the merchant facility area 152. The third method provides ashort-range highly directional link to the aisle shelf area 154 forproduct data and location. The fourth method is used for securing anultra short-range link to a smart cash register area 156. The PAL 10communicates in the merchant's facility using radio frequency and orinfrared signals. As illustrated in FIG. 7, The merchant computer 66 islinked to each of the four (4) areas 67 by a high-speed network 69.

Mode of Operation

Referring to FIG. 12 of the drawings, when a purchaser (customer) firstapproaches the merchant's facility at the main doorway area 150, the PAL10 encounters one of several RF barker beacons 142, which extend pastthe main doorway area 150 on either side. The barker beacon 142advertises its presence by transmitting the next available full duplexRF channel, as illustrated in FIGS. 13A and 13B. An ingress barkerchannel 210A, illustrated in FIG. 13A, is used to greet the PAL 10 whenit enters the facility, and an egress barker channel 210B, illustratedin FIG. 13B, is used to clear the PAL 10 from the facility. Each beacon142 can manage a list of channels, 210A. Larger busy doorways will havemore barker beacons 142 than smaller less busy doorways. Each PAL 10will constantly monitor the beacon channels. Each PAL 10 to coming intothe facility will enter with a variable logic condition“OUT_RETAIL_SPACE” set to true in order to effect which beacon 142 PAL10 listens for. When the PAL 10 has successfully entered the maindoorway area 150, the logic condition “IN_RETAIL_SPACE” will be set totrue. Only one of the conditions may be true at a time. On coming in themain doorway area 150, PAL 10 monitors each ingress barker channel 210Afor the next available channel. When an ingress barker channel is read,the PAL 10 will monitor the energy. If no energy is present it willbegin actuation of a short-term time random counter from 0 to 10milliseconds. If the counter timer expires and there is still no energypresent in the channel then PAL 10 begins to transmit its shopping listwith other pertinent data to the merchants-in-store computer system 66,see FIG. 7. If during the short-term counter period the PAL 10 detectsthe presence of energy then it switches to the next highest free channelor moves onto the next barker beacon 142 The bandwidth associated withthe barker beacons is separated into a band for customers coming in anda smaller separate band for the customers leaving. There is sufficientfrequency diversity so those entering will not interfere with thoseleaving. Likewise the full duplex channels, 210A, 210B are sufficientlyseparated so each PAL 10 entering the facility is afforded a high speedchannel fast enough to upload a shopping list file in the time it takesto traverse the main doorway area 150.

Alternatively, upon completion of the product list or shopping list, thePAL 10 can upload the list to the merchant's computer via an Internetportal for storage. The merchant may review the list and check inventoryto assure the products are in stock.

After the shopping list file has been uploaded, the merchant computer66, see FIG. 7, returns pertinent data back to the PAL 10 while the PAL10 is still traversing the doorway area 150, see FIG. 12. A numerical IDvalue is assigned to each PAL 10 while it is in the facility. Ifdesired, a customer may set the PAL 10 to provide customeridentification through the use of a trusted surrogate ID that only hasmeaning to the merchant. If this information were to be intercepted itwould have no value without the merchant computer's database. Likewise acustomer may set the PAL 10 to deny customer private identification. Onthe other hand the customer may set PAL 10 to accept a merchant'sdatabase pointer value, which becomes the customer's In-Store ID andreturns this pointer value when communicating with any of the linkmethods. The barker beacon 142 will identify the merchant, address dateand time and next channel assignment. These values will be sufficientfor the PAL 10 to retrieve the merchant's database pointer set from aprevious time and uplink it along with the item list. Likewise thecustomer may choose not to send the database pointer but instead use aunique generic ID in place of the specific ID. Up linking the databasepointer differentiates a patron user from a public user. The merchantwill set customer treatment rules accordingly so that the merchantcomputer 66 sends the correct information to each user. For example themerchant may wish to exchange a personalized greeting for each patronand a general greeting for a public customer.

In the preferred embodiment, each barker beacon 142 will manage a listof 4 full duplex channels, for example, of 7501 KHz bandwidth centeredat 1 MHz intervals beginning at 381 MHz ending at 384 MHz. A UHF (ultrahigh frequency) is used in the main doorway area 150 such that thebarker beacons 142 is transmitted at, for example, a 5 MHz spacingbeginning from a fixed point, however, any frequency band that meets theneeds is acceptable. The barker beacon 142 advertises channel 1 is free.The incoming PAL 10 tunes to 381 MHz and senses energy levels. If noenergy is present then the PAL 10 commences a random timer from 0 to 10milliseconds. At the end of the timer if no energy is present then ittransmits data to the merchant computer 66, see FIG. 7, at a middlepower setting. The merchant computer 66 will send data to the PAL 10 toadjust the transmit level up or down from the midlevel setting so thetotal RF energy in the main doorway area 150 is managed so all users cancommunicate without interference. Then the next barker beacon 142 is setat 385 MHz and likewise has 4 channels to manage. If the 380 MHz list isfull then the beacon advertises the next beacon as the next channel so,in effect, it manages a list of five numbers, four of which are activeand one of which is used to inform the PAL 10 to seek out the nextbeacon.

The merchant computer 66, see FIG. 7, continually monitors the receiveddata for errors. If a Bit Error Rate (BER) exceeds an arbitrarythreshold value, it will issue a command to the PAL 10 to increasetransmit power, The PAL 10 and the merchant computer 66 continuouslyexchange RF performance and BER information interspersed with data.

Therefore, when the customer visits a merchant a radio frequency RF linkis created on entering the main doorway area 150 with only merchantspecific data is uploaded from the PAL 10 to the merchant computer 66,where the store inventory is stored. All other data remains secure andprotected. A majority of the time the purchaser (customer) will haveselected items from a general list prior to entering the facility in thepurchase-planning mode. At other times the customer has only listed acategory (categories) of products rather than a specific product. Thoseitems, which fit the category or categories along with any productpromotion in the category, will be uploaded upon entering the facility.Specific information provides the purchaser with product, price andaisle location that helps in quickly locating the correct product. Thisdata may be downloaded to the PAL 10 as the purchaser enters the maindoorway area 150. Products can then be organized by aisle location tomaximize selling opportunity and customer convenience.

Also, by the act of entering or ingress, the PAL 10 can also request todownload data pertinent to personal preferences. This data is notrelated to any advertising the merchant wishes to send. Also, thepurchaser will be able to obtain merchant's advertisement datadownloaded from the ingress short-range RF link or select to ignore anysuch advertisements.

Still referring to FIG. 12, as the PAL 10 leaves the doorway area 150,out of range of the barker beacon 142, and enters the facility, thechannel 210A is freed up and returns back to the available state. ThePAL 10 is assigned a Full duplex VHF channel for omni directionalgeneral communication in the merchant facility (retail) area 152. TheVHF band is chosen in this example for its ability to work with anindirect line of sight. Other PALs 10 may share the channels. This linkis designed for short data burst traffic and infrequent digital voicetraffic. The main characteristic of this link is the need for indirectline of sight communications when the PAL 10 is not in contact with theaisle shelf area 154. Location data, “retail” space map segments andinfrequent voice packing are carried on this link. Antennas (not shown)in the merchant facility area 152 are positioned strategically within astore. These antennas are designed to communicate in the full range ofspace with voice and pager communications. The merchant computer 66, seeFIG. 7, will periodically “ping” each PAL 10 in its list of“IN_RETAIL_SPACE” set true to see if the PAL 10 is still within thefacility, Each PAL 10 will respond with its temporary ID value. If noreply is received within a predetermined time out period, the PAL 10 isassumed to have left the space.

The merchant computer 66, see FIG. 7, can differentiate between voicedata packets and general data packets. Voice packets are labeled andtime stamped for priority processing. Voice compression and weightingreduce the need for bandwidth. Voice messages are not guaranteed realtime processing. They are processed for guaranteed delivery and responsewith a paging system. If a customer or user were in the area of forexample aisle ten and needs customer assistance then the customer woulduse the PAL 10 to summon assistance. The merchant's employees/salesassociates may carry a network phone and paging device (not shown). ThePAL 10 has voice input and output and therefore can call and talk withthe sales associate on a paging device (not shown) Location data canappear on the paging display on the paging device while two-way voicecommunication is in progress.

One or more PALs 10 can be in two-way communication with antennas (notshown) in the aisle shelf area 154 to ascertain which shelf the customeris working with. The system will also know how long a customer dwells infront of a shelf and which aisles the customer uses. This data becomesthe “breadcrumb trail” and can be overlaid on a map of the merchant'sfacility so the trail can be shown with actual denoted times.

Communications in the aisle shelf area 154 is asynchronous between thePAL 10 and the merchant computer 66. When a customer aims the PAL 10away from an antenna in the aisle shelf area 154, the link continuity isbroken and the merchant computer 66, see FIG. 7, will then terminate thelink. When a PAL 10 enters the field of the antenna, a link isestablished with data being exchanged on a transaction-by-transactionbasis. For example, scanning a barcode will trigger a transmission;requesting a map to the next product in the list will trigger atransmission and reception; requesting product information, a voicepager link or similar activity will trigger a transmission and cause thePAL 10 to wait for a reception.

When the purchaser (customer) selects a product from the shelf, andscans the product barcode or unique identification symbol before placingit into the cart, each price unit quantity is scanned in. The price forthat product was downloaded when the PAL 10 is in the main doorway area150 or the aisle shelf area 154. If the purchaser sets a budget maximumthen, the PAL 10 will signal the purchaser when the limit is reached. Ifthe price was not available or is incorrect, the purchaser can enter theprice through a touch screen. Differences are reconciled at checkout.Prices are totaled as items are added. Items can be added or removedfrom the list at any point prior to checkout. When the purchaser scansin each item to be purchased, the PAL 10 matches it against the shoppinglist. If an item is not scanned in, the PAL 10 will notify the purchaserof forgotten items. Items will not be forgotten until the purchaserdiscards the item prior to checkout. When a customer removes an itemfrom the shelf and scans in the unique product ID that number isregistered in the PAL 10. The PAL 10 will broadcast to the appropriatestation the ID of the item selected.

The merchant computer 66, see FIG. 7, keeps track of the purchase listitems as the purchaser removes them from the shelf. The PAL 10 will inturn receive current price data. If there is a discrepancy against aprevious price value, the purchaser is notified and has the option ofreturning the item to the shelf. If the purchaser returns the item tothe shelf the purchaser removes the item from the procurement list onthe PAL 10 display and the merchant computer 66 receives the updatedinformation so the shelf item count is updated. This aspect of thepresent invention saves the merchant restocking labor.

The checkout process is illustrated in FIG. 14. Proceeding on to thecheckout area the customer places the PAL 10 onto a conventionalshort-range pedestal 86. On the pedestal 86 the link is actively managedin fractions of an inch. The frequency band chosen for this link must becapable of meeting the demands of the link. This link functions like theaisle link except it is managed for link distances in fractions of aninch. Super high frequency microwave, infrared or optical are frequencybands that meet requirements. This type of link is designed for highsecurity however conventional encryption techniques may also be used.The link power budget is managed so no energy escapes the contiguouslink volume subtended when the PAL 10 is resting on the pedestal 86. Aconventional infrared or optical port (not shown) connected to the radiosubsystem 42, see FIG. 1, can be fashioned so that it covers up theactive area on the pedestal. A conventional link power managementcircuitry (not shown) keeps the power level very low so no detectableenergy escapes the seams between the PAL 10 and the pedestal surface.Likewise, for example, a 100 GHz super high frequency microwave can beembedded in the pedestal 86 so fractional microwatt power level can beused.

The ultra short range radio link controller 88 is connected to a smartcash or sales register 90, which establishes two-way communicationsbetween the PAL 10 via the optical scan assembly 46, and smart cash orsales register 90. When a PAL 10 is first placed on pedestal 86, asignal from the pedestal 86 detects the presence of a PAL 10. Once thepresence is detected, the ultra short range radio link controller 88establishes communication by sending a control signal to the PAL 10 toenable control of the transmit power level from the PAL 10 back to thepedestal 86. Communications with the smart cash or sales register 90follows normally. The PAL 10 can be removed from the pedestal 86 in thedata exchange process. This action will momentarily interrupt theexchange process. The process will be automatically restored when thePAL 10 is returned to the pedestal 86. The pedestal 86 containsconventional electronics and antenna elements (not shown) needed tomanage the micro RF link. The link exists only when the PAL 10 is on thepedestal 86. The RF field falls off to zero very rapidly away from thepedestal. This method limits what other PALs in close proximity oradjacent to the pedestal can sense. Others will not detect the presenceof the micro RF field.

Once the PAL 10 forms a link with the smart cash or sales register 90,quantity aid price can reconcile the purchase list. Discrepancies willbe discovered and displayed immediately. When the purchaser is satisfiedwith the results, a confirmation is made to send a credit or debit carddata (not shown) to the sales register 90 automatically. The cashregister receipt is returned electronically. A history of purchases andpayment methods is maintained. The purchaser can reconcile the data withfinancial statements. The data then can be discarded or downloaded to apersonal computer for long-term retention. A running balance ismaintained in all accounts. The purchaser can have funds added atscheduled intervals. The real time clock will monitor the financialcalendar schedule and perform actions on schedule.

As mentioned above, the PAL 10 may prompt the purchaser for a paymentmeans such as cash, credit or checking. The payment method could havebeen set prior to entry but this is not required. If the purchaser ispaying by cash the PAL 10 subtracts the amount from the total (set bythe purchaser or computed from previous transactions, or downloadedsales slip from the sales register) and shows the remainder. If thepayment is by check then the check number, date and amount will be keptand down loaded to the purchaser's personal computer later. This data isnot entered manually by the user but returned by the sales register foran automatic log. Other check data may be entered manually if sodesired. If payment is by credit or debit card, a link is made to abanking network 92A, see FIG. 14.

Rebates offered by the merchant and manufacturers are automaticallytransacted by the system of this invention. The customer will see therebate offer transmitted by the station RF link for a scanned product.At the sales register the customer information necessary for the rebateis up loaded to the sales register to supply chain network 92B, see FIG.14. The customer will receive the rebate in due process and no furtheraction is required. If the customer decides to return a product, thesales register attendant will scan in the unique product ID. The systemwill recognize the ID as having a rebate process pending and cancel thepending process. The merchant saves processing time and expense by sucha procedure.

Upon completion of the sales transaction, the customer can store the PAL10 on his/her person and leave the store with the shopping historystored in PAL 10 for future use.

FIG. 15 shows the power supply 100 needed to operate the PAL 10. Thepower supply 100 uses two sets of batteries 102, 104 to provide power.Only one set is needed at one time. The processor 11, see FIG. 1, is incommunication with both sets to sense a low condition on the active setand to manage power, for example, by automatically switching to thesecond set and/or notifying the customer to change the depleted set.Since the PAL will be used for financial transaction processing, it willrequire a high degree of reliability. While the device may be designedwith high reliability methods and components it will have a prominentrisk of failure due to dependence on batteries. To mitigate this risk,special circuits are employed to manage two independent sets ofbatteries. The PAL 10 only runs from one set of batteries alternatingbetween the two. As one set is run down, a power intelligence algorithmrun by the processor 11, see FIG. 1, transfers to the second set. Theuser is prompted to change batteries of the first set. Each set ofbatteries has an indicator to mark the battery set for changing. Twoadjacent compartments 106, 108 with a divider 110 separate thetwo-battery sets 102, 104 under the battery cover (not shown). Anintermittent indicator 112, 114 of any color, though red is preferred,flashes to denote the tray compartment having run down batteries. Thedisplay 22, FIG. 1, contains graphics and instructions on how to changethe batteries. The customer is not required to change batteriesimmediately, up to a few weeks, after the PAL 10 has shifted over to thesecond set. When the second set begins to run down, the frequency ofreminders increases. At the sixty-percent remaining level, the PAL 10will not perform any functions until the first set is replenished.

Finally, an additional feature of the PAL 10 of this invention, asillustrated in FIG. 16, shows how PAL 10 can measure weight. Weight is akey parameter for measuring out quantity to determine price. The weightmeasuring device 58 includes a strain gauge 312 mounted on a shaft 314.The shaft 314 has a fixed end 315A and a free end 315B. The fixed end315A is fixedly attached to the PAL and the free end 315B is rotatablyattached to the PAL 10. A spring 320 is fixedly attached to the PAL 10and the shaft free end 315B. A line 316 is wound on a pulley 318 havinga slip knot mechanism 320A on the free end 321 of the line 316. The slipknot mechanism 320A allows the line to form an adjustable loop. The loopcan be cinched to hold material without bottom support while the PAL. 10computes the weight of an object purchased. The pulley 318 is fixedlyattached to the shaft 314. The line 310 is cinched tight to hold theobject. The PAL 10 then determines the weight based on the strainmeasured by the strain gage 312 as the shaft 316 torsional deflectsunder the load of the object. The user then can add price input todetermine the total price. The PAL 10 is equipped with a method foraccurately measuring the weight of a small amount of mass. A pulley,shaft and springs are used to make a self-retracting mechanism forstoring a strong lightweight braided line. The line material is chosenso that it will not stretch over time or distort in any way when usedwithin design limits. A line release mechanism 322 on the PAL 10 handlereleases a lock (not shown) that allows the line 316 to be extended fromthe PAL 10. The strain gauge 312 is connected to the analog-to-digitalconverter 56, thereby linking the weight measuring device 58 to theprocessor 11, as illustrated in FIG. 1. The strain gauge deflections aretransmitted to the central processor 11 for conversion into weight andcalculating purchase price based on the cost per unit weight inputted byan input device, such as an optical scanner or keyboard.

Although the invention has been described with respect to variousembodiments, it should be realized this invention is also capable of awide variety of further and other embodiments within the spirit andscope of the appended claims.

1. A handheld device comprising: encrypted random access memory (RAM)having a disabled mode; an address decoder; means for misaligning anaddress of a memory location in said encrypted RAM by a random numberincorporated into said address decoder to encrypt the address to preparesaid handheld device for said disabled mode; an unlocking processcapable of performing a multi-step process to access said encrypted RAMin said disabled mode including the steps of: inserting a smart cardinto a smart card reader of said handheld device; accessing a personalidentification number on said smart card; receiving a user entryincluding a candidate personal identification number; verifying saidpersonal identification number with said candidate personalidentification number; comparing a secure data hash on said handhelddevice with a hash stored on said smart card; unlocking said encryptedRAM if said personal identification number and said secure data hashverify; and accessing said memory location by said address decoder byusing said random number when a secure address range is accessed.
 2. Thehandheld device of claim 1 further comprising: a plurality of antennasfor sending and receiving simultaneous signals; means for receiving saidsimultaneous signals on a wireless channel; means for releasing saidwireless channel; means for exchanging information from saidsimultaneous signals on a full duplex wireless channel after releasingsaid wireless channel; and means for transmitting said information usinga special purpose short-range link to provide secure transmission ofsaid financial data.
 3. The handheld device of claim 2 furthercomprising: means for controlling transmitting power in said full duplexwireless channel.